| From 2ea32f7372b65c24b2816f11c04bf59b5090d05b Mon Sep 17 00:00:00 2001 |
| From: erouault <erouault> |
| Date: Thu, 12 Jan 2017 19:23:20 +0000 |
| Subject: [PATCH 2/2] * libtiff/tif_ojpeg.c: fix leak in |
| OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and |
| OJPEGReadHeaderInfoSecTablesAcTable |
| |
| Upstream-status: Backport |
| |
| CVE: CVE-2017-7594 #patch2 |
| Signed-off-by: Rajkumar Veer <rveer@mvista.com> |
| Index: tiff-4.0.7/ChangeLog |
| =================================================================== |
| --- tiff-4.0.7.orig/ChangeLog 2017-04-24 16:50:26.465897646 +0530 |
| +++ tiff-4.0.7/ChangeLog 2017-04-24 16:56:20.685888360 +0530 |
| @@ -1,6 +1,7 @@ |
| 2017-01-12 Even Rouault <even.rouault at spatialys.com> |
| |
| - * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable |
| + * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable, |
| + OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable |
| when read fails. |
| Patch by Nicolás Peña. |
| Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659 |
| Index: tiff-4.0.7/libtiff/tif_ojpeg.c |
| =================================================================== |
| --- tiff-4.0.7.orig/libtiff/tif_ojpeg.c 2017-04-24 16:52:27.349894477 +0530 |
| +++ tiff-4.0.7/libtiff/tif_ojpeg.c 2017-04-24 16:59:20.001883660 +0530 |
| @@ -1790,7 +1790,10 @@ |
| TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); |
| p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64); |
| if (p!=64) |
| + { |
| + _TIFFfree(ob); |
| return(0); |
| + } |
| sp->qtable[m]=ob; |
| sp->sof_tq[m]=m; |
| } |
| @@ -1854,7 +1857,10 @@ |
| rb[sizeof(uint32)+5+n]=o[n]; |
| p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q); |
| if (p!=q) |
| + { |
| + _TIFFfree(rb); |
| return(0); |
| + } |
| sp->dctable[m]=rb; |
| sp->sos_tda[m]=(m<<4); |
| } |